Products scope union

Hi,

I would like to know if it is possible to retrieve the products scope for an app belonging to more than one product. I have tested the scenario with an app belonging to Product_A and Product_B that have different sets of scopes (Product_A=x,y and Product_B=z). But using an AccessEntity activity (as below) I can only see in the trace window the scope of the first product only! Shouldn't I get the union of scopes?

Thanks a lot.

<AccessEntity name='AE-Product'>
    <EntityType value='apiproduct' />
    <EntityIdentifier type='consumerkey' ref='parsedRequest.client_id' />
    <!-- result is stored in a variable:  AccessEntity.AE-Product -->
</AccessEntity>

The AccessEntity policy only returns the first apiproduct that it finds.

If you want to get all scopes of all apiproducts of your app you can use a dummy OAuth GenerateAccessToken policy to get all the scopes for you. Credits go to @Sean Davis, see here.

This is the basic idea:

0) Verify API Key policy

1) Make all settings for the OAuth GenerateAccessToken policy

2) Execute GenerateAccessToken policy

3) Fetch the scopes variable

0) Verify the API key to fill the client_id and client_secret variables, which are necessary in step 1b.

<VerifyAPIKey name="verify-api-key" enabled="true" continueOnError="false" async="false">
    <DisplayName>Verify API Key</DisplayName>
    <APIKey ref="request.queryparam.apikey"/>
</VerifyAPIKey>

1a) Set the dummy grant_type, which is needed by step 2:

<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-OAuth-Variables">
    <DisplayName>Assign OAuth Variables</DisplayName>
    <Properties/>
    <AssignVariable>
        <Name>dummy_grant_type</Name>
        <Value>client_credentials</Value>
    </AssignVariable>
</AssignMessage>

1b) Set the Basic Authorization header, which is needed by step 2:

<BasicAuthentication name="BasicAuth.EncodeClientCredentials">
    <DisplayName>BasicAuth.EncodeClientCredentials</DisplayName>
    <Operation>Encode</Operation>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <User ref="verifyapikey.verify-api-key.client_id"/>
    <Password ref="verifyapikey.verify-api-key.client_secret"/>
    <AssignTo createNew="false">request.header.Authorization</AssignTo>
</BasicAuthentication>

2) GenerateAccessToken, make sure the GenerateResponse is set to "false".

<OAuthV2 async="false" continueOnError="false" enabled="true" name="Get-Scopes">
    <DisplayName>Get Scopes</DisplayName>
    <Properties/>
    <Attributes/>
    <ExternalAuthorization>false</ExternalAuthorization>
    <Operation>GenerateAccessToken</Operation>
    <SupportedGrantTypes>
        <GrantType>client_credentials</GrantType>
    </SupportedGrantTypes>
    <GenerateResponse enabled="false"/>
    <!-- Must name the variable assigned in step 1a -->
    <GrantType>dummy_grant_type</GrantType>
    <ClientId>verifyapikey.verify-api-key.client_id</ClientId>
</OAuthV2>

3) Fetch the scopes variable. In my example I put it in the payload of the response.

<AssignMessage async="false" continueOnError="false" enabled="true" name="Assign-Response">
    <DisplayName>Assign Response</DisplayName>
    <Properties/>
    <Set>
        <Payload>{oauthv2accesstoken.Get-Scopes.scope}</Payload>
    </Set>
    <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
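
Added example, not part of the original reply: one way to attach steps 0 to 2 in a proxy request flow and then remove the Basic Authorization header that step 1b writes, so the app's client_secret is not forwarded to the target with the request. The PreFlow layout and the policy name `AM-Remove-Basic-Auth` are assumptions; the other step names are the policies shown above.

```xml
<!-- Constructed example: request PreFlow of the ProxyEndpoint,
     with the steps in the order the reply lists them -->
<PreFlow name="PreFlow">
    <Request>
        <!-- Step 0: fills verifyapikey.verify-api-key.client_id / client_secret -->
        <Step><Name>verify-api-key</Name></Step>
        <!-- Step 1a: sets the dummy grant type variable -->
        <Step><Name>Assign-OAuth-Variables</Name></Step>
        <!-- Step 1b: writes "Basic base64(client_id:client_secret)" into
             request.header.Authorization -->
        <Step><Name>BasicAuth.EncodeClientCredentials</Name></Step>
        <!-- Step 2: populates oauthv2accesstoken.Get-Scopes.scope -->
        <Step><Name>Get-Scopes</Name></Step>
        <!-- Hypothetical cleanup policy (defined below): runs after the scopes
             are available and before the request leaves the proxy -->
        <Step><Name>AM-Remove-Basic-Auth</Name></Step>
    </Request>
    <!-- The step 3 policy is attached in the response flow -->
    <Response/>
</PreFlow>

<!-- Separate policy file (hypothetical name): AM-Remove-Basic-Auth.xml -->
<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-Remove-Basic-Auth">
    <DisplayName>AM-Remove-Basic-Auth</DisplayName>
    <Remove>
        <Headers>
            <!-- Drops the encoded client credentials from the outgoing request -->
            <Header name="Authorization"/>
        </Headers>
    </Remove>
    <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
    <AssignTo createNew="false" transport="http" type="request"/>
</AssignMessage>
```

The scope variable is read from the flow context, not from the header, so removing the header after `Get-Scopes` does not affect step 3.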